+++ This bug was initially created as a clone of Bug #161095 +++
I ran across this issue in the Debian BTS:
It seems that by executing an XMLRPC server in ruby in this manner:
It becomes possible to execute any arbitrary commands within the XMLRPC
Fixed in ruby-1.8.2-1.fc3.3 for FC3 and ruby-1.8.2-7.fc4.2 for FC4.